<?php
// NOTE: we have customer and admin roles; 'customer' means 'guest'. I'll rename it later.
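/**
 * Application access-control list: declares the roles, the front-end and
 * back-end resources, and the permissions each role holds on them.
 *
 * Roles form a chain: "customer" <- "staff" <- "admin". Each role inherits
 * the rules of the role it extends, so anything granted to "customer" also
 * applies to "staff" and "admin" unless a more specific rule overrides it.
 *
 * Resources are named "<module>:<controller>" and are registered as children
 * of their module resource ("customer" or "admin").
 *
 * Only allow() rules are declared here; no deny() rules are used, so access
 * depends entirely on which grants a role holds directly or inherits.
 */
class TBB_Acl extends Zend_Acl
{
    /**
     * Builds the complete role / resource / permission table.
     */
    public function __construct()
    {
        //---------------------------------------
        // ROLES
        //---------------------------------------

        // Order matters: a parent role must be registered before its child.
        $this->_addRole("customer")
             ->_addRole("staff", "customer")
             ->_addRole("admin", "staff");

        //---------------------------------------
        // FRONT-END RESOURCES
        //---------------------------------------

        $this->_add("customer")
             ->_add("customer:index", "customer")
             ->_add("customer:error", "customer")
             ->_add("customer:users", "customer")
             ->_add("customer:trip", "customer")
             ->_add("customer:ticket", "customer")
             ->_add("customer:customer", "customer")
             ->_add("customer:payment", "customer");

        //---------------------------------------
        // BACK-END RESOURCES
        //---------------------------------------

        $this->_add("admin")
             ->_add("admin:index", "admin")
             ->_add("admin:error", "admin")
             ->_add("admin:users", "admin")
             ->_add("admin:role", "admin");

        //---------------------------------------
        // CUSTOMER PERMISSIONS
        //---------------------------------------

        $this->allow("customer", "customer")
             ->allow("customer", "customer:index")
             ->allow("customer", "customer:error")
             ->allow("customer", "customer:users")
             ->allow("customer", "customer:trip")
             ->allow("customer", "customer:ticket")
             ->allow("customer", "customer:customer")
             ->allow("customer", "customer:payment")
             // NOTE(review): the original author was unsure about this grant.
             // It is limited to the "login" and "logout" privileges of the
             // back-end users controller; no other back-end privilege is
             // opened to the customer role. Confirm that this is intended.
             ->allow("customer", "admin:users", array("login", "logout"));

        //---------------------------------------
        // ADMIN PERMISSIONS
        //---------------------------------------

        // allow("admin") with no resource is a blanket grant: admin gets every
        // privilege on every resource, including resources registered later.
        // "admin:role" has no explicit rule and is reachable only through this
        // blanket grant. The per-resource rules below are therefore redundant
        // and are kept only as documentation of the intended scope.
        $this->allow("admin")
             ->allow("admin", "admin:index")
             ->allow("admin", "admin:error")
             ->allow("admin", "admin:users");

        //---------------------------------------
        // STAFF PERMISSIONS
        //---------------------------------------

        // Staff also inherits this grant from "customer"; it is stated
        // explicitly so it survives a change to the customer rules.
        $this->allow("staff", "admin:users", array("login", "logout"));
    }

    /**
     * Registers a resource and returns $this so calls can be chained.
     *
     * @param string      $resource Resource identifier, e.g. "admin:users".
     * @param string|null $parent   Identifier of an already registered parent
     *                              resource, or null for a top-level resource.
     * @return TBB_Acl
     */
    protected function _add($resource, $parent = null)
    {
        $this->add(new Zend_Acl_Resource($resource), $parent);
        return $this;
    }

    /**
     * Registers a role and returns $this so calls can be chained.
     *
     * @param string            $role    Role identifier.
     * @param string|array|null $parents Already registered role(s) to inherit
     *                                   from, or null for a root role.
     * @return TBB_Acl
     */
    protected function _addRole($role, $parents = null)
    {
        // The parents must be passed to addRole(). The previous code passed
        // them to the Zend_Acl_Role constructor, which takes only the role id,
        // so the argument was dropped and no inheritance was registered:
        // "staff" did not inherit from "customer", nor "admin" from "staff".
        $this->addRole(new Zend_Acl_Role($role), $parents);
        return $this;
    }
}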